In recent years, commercial transactions have come to be practically performed via the Internet, not only between companies, but also between companies and consumers (users). In most cases, an electronic transaction, known as a “business-to-consumer (B-to-C) transaction,” is achieved when a user uses a personal computer, logging in to the server of the company that provides various kinds of service. More specifically, the browser operating on the user's personal computer displays the Web page the company's server publishes on the Internet. The user then inputs his or her ID and password on the Web page, transmitting the ID or password to the server. The ID and password are thereby logged in the company's server.
Most users who utilize electronic transactions of this type receive service from a plurality of companies. For security reasons, some users have log-in user IDs and log-in passwords associated with the respective servers, each being an alphanumeric character string, and use the log-in user ID and log-in password associated with any server from which to receive service. The more user IDs and passwords a user has, the more he or she will be annoyed in managing them. To eliminate such a problem the users may have, a service called “account aggregation” is offered (see, for example, Jpn. Pat. Appln. KOKAI Publication No. 2000-259566.)
Using account aggregation, a user can log into the servers of a plurality of companies, only by inputting the user ID and password for logging in the server that provides the account aggregation service, only if the user IDs and passwords for logging the servers of the companies have been registered in the server that provides the account aggregation service. (Single-sign on is thereby accomplished.) Thus, the user is freed from the troublesome management of many user IDs and passwords.
From the user's point of view, however, the account aggregation service manages all his or her user IDs and passwords in an external server. The security all depends on external management. Although his or her ID and password have been encrypted and managed in the external server, they are decrypted in the external server when the external server logs in, in place of the user, the server with which the user wants to make a transaction. In the external server, the user ID and password temporarily remain decrypted. Although the time they remain decrypted is very short, they cannot be said never to leak outside the external server.
Software has been developed, which accomplish account aggregation in the user's personal computer. If this software is used, the user's IDs and passwords are all managed in the personal computer. Hence, there is no risk of leakage when the IDs and passwords are decrypted at the time of logging in the desired server. Thus, the security can be achieved.
If the personal computer is stolen, however, the user ID and password may leak if the software (namely, the personal computer) holds the encryption key for encrypting and decrypting the user ID and password.